cs.LG · Jun 2, 2017

Towards Robust Detection of Adversarial Examples

arXiv:1706.00633v4 · 204 citations · Has Code
Originality: Incremental advance
AI Analysis

This work addresses adversarial examples against deep learning classifiers, proposing a detection method with two parts: a modified training loss and a threshold test applied at inference time.

The paper tackles the vulnerability of deep networks to adversarial examples by training with a reverse cross-entropy (RCE) objective instead of the standard cross-entropy and by rejecting, at test time, inputs whose detection metric falls below a threshold. It reports significant improvements in robust prediction on MNIST and CIFAR-10 under several threat models.

Although the recent progress is substantial, deep learning methods can be vulnerable to maliciously generated adversarial examples. In this paper, we present a novel training procedure and a thresholding test strategy towards robust detection of adversarial examples. In training, we propose to minimize the reverse cross-entropy (RCE), which encourages a deep network to learn latent representations that better distinguish adversarial examples from normal ones. In testing, we propose to use a thresholding strategy as the detector to filter out adversarial examples for reliable predictions. Our method is simple to implement using standard algorithms, with little extra training cost compared to the common cross-entropy minimization. We apply our method to defend against various attack methods on the widely used MNIST and CIFAR-10 datasets, and achieve significant improvements on robust predictions under all the threat models in the adversarial setting.
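The abstract names the two pieces of the method but gives no formulas. The following is an added example, not code from the paper or from either of its listed repositories. It implements RCE as ordinary cross-entropy against a "reverse" label vector (zero on the true class, 1/(L-1) on every other class, following the paper's construction), trains a toy linear classifier on constructed 2-D blob data, predicts from the reversed logits (the paper's rule: an RCE-trained model gives the true class its lowest logit), and runs the thresholding test on the non-ME metric (entropy of the non-maximal softmax elements), with the threshold calibrated to a chosen clean-rejection rate. The function names, the toy data, the linear model and the 5% rejection budget are assumptions of this example; the paper additionally thresholds a kernel-density metric in the final hidden layer, which is not shown here.

```python
"""Added example (not the paper's code): RCE training plus a non-ME thresholding
detector on constructed toy data. Names and data are assumptions of this example."""
import numpy as np

L = 3          # number of classes in the toy problem
EPS = 1e-12    # numerical floor inside logs


def softmax(z):
    z = z - z.max(axis=1, keepdims=True)
    e = np.exp(z)
    return e / e.sum(axis=1, keepdims=True)


def reverse_labels(y, num_classes):
    """Reverse label vector R_y: zero on the true class, 1/(L-1) on each other class.
    This is the target distribution RCE pushes the softmax output towards."""
    onehot = np.eye(num_classes)[y]
    return (1.0 - onehot) / (num_classes - 1)


def rce_loss(logits, y):
    """Reverse cross-entropy: cross-entropy against R_y instead of the one-hot label.
    By Gibbs' inequality it is bounded below by the entropy of R_y, i.e. log(L-1)."""
    p = softmax(logits)
    r = reverse_labels(y, logits.shape[1])
    return float(-np.mean(np.sum(r * np.log(p + EPS), axis=1)))


def rce_logit_gradient(logits, y):
    """d(mean RCE)/d(logits) = (softmax - R_y)/N: the same form as for standard
    cross-entropy, which is why RCE adds essentially no training cost."""
    return (softmax(logits) - reverse_labels(y, logits.shape[1])) / len(y)


def train_linear_rce(X, y, num_classes, lr=0.1, steps=3000):
    """Gradient descent on RCE for a linear classifier z = XW + b (toy stand-in
    for a deep network; the loss is convex here, so plain GD suffices)."""
    W = np.zeros((X.shape[1], num_classes))
    b = np.zeros(num_classes)
    for _ in range(steps):
        g = rce_logit_gradient(X @ W + b, y)
        W -= lr * X.T @ g
        b -= lr * g.sum(axis=0)
    return W, b


def reversed_probs(logits):
    """Prediction for an RCE-trained model: the true class has the LOWEST logit,
    so classify with softmax(-Z) and take the argmax."""
    return softmax(-logits)


def non_me(probs):
    """non-ME (non-maximal entropy): entropy of the non-maximal softmax elements
    after renormalising them. It peaks at log(L-1) when the runner-up classes are
    tied, which RCE encourages for normal inputs, and is low when one runner-up
    dominates, the pattern this detector treats as suspicious."""
    n, k = probs.shape
    keep = np.ones_like(probs, dtype=bool)
    keep[np.arange(n), probs.argmax(axis=1)] = False
    rest = probs[keep].reshape(n, k - 1)
    rest = rest / rest.sum(axis=1, keepdims=True)
    return -np.sum(rest * np.log(rest + EPS), axis=1)


def calibrate_threshold(probs_clean, false_positive_rate=0.05):
    """Choose the threshold so that only `false_positive_rate` of clean inputs
    fall below it (assumed calibration rule: a quantile of clean non-ME scores)."""
    return float(np.quantile(non_me(probs_clean), false_positive_rate))


def detect(probs, threshold):
    """Thresholding test: True = accept as normal, False = flag as adversarial."""
    return non_me(probs) >= threshold


def make_blobs(n_per_class, rng):
    """Constructed toy data: three well-separated Gaussian blobs in 2-D."""
    centres = np.array([[0.0, 4.0], [-3.5, -2.0], [3.5, -2.0]])
    X = np.concatenate([c + 0.5 * rng.standard_normal((n_per_class, 2)) for c in centres])
    y = np.repeat(np.arange(L), n_per_class)
    return X, y


def run_demo(seed=0):
    """Train with RCE, predict from reversed logits, calibrate and apply the detector."""
    rng = np.random.default_rng(seed)
    X_tr, y_tr = make_blobs(100, rng)
    X_te, y_te = make_blobs(100, rng)
    W, b = train_linear_rce(X_tr, y_tr, L)
    p_tr = reversed_probs(X_tr @ W + b)
    p_te = reversed_probs(X_te @ W + b)
    thr = calibrate_threshold(p_tr, 0.05)
    return {
        "accuracy": float(np.mean(p_te.argmax(axis=1) == y_te)),
        "final_rce": rce_loss(X_tr @ W + b, y_tr),   # >= log(L-1) by construction
        "threshold": thr,
        "clean_accept_rate": float(np.mean(detect(p_te, thr))),
    }


if __name__ == "__main__":
    print(run_demo())
```

To use this against real attacks, replace the linear toy model with a network trained on the same `rce_loss`, calibrate the threshold on held-out clean data, and feed crafted inputs through `reversed_probs` and `detect`; the detector rejects any input whose non-ME falls below the calibrated threshold, at the cost of the chosen clean-rejection rate.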

Code Implementations: 2 repos